job "democratic-csi-node" { type = "system" datacenters = ["dc1"] region = "global" priority = 90 constraint { operator = "distinct_hosts" value = "true" } group "iscsi-node" { constraint { operator = "distinct_hosts" value = "true" } service { name = "democratic-csi-iscsi-node" meta { alloc = "${node.unique.name}" datacenter = "${NOMAD_DC}" group = "${NOMAD_GROUP_NAME}" job = "${NOMAD_JOB_NAME}" namespace = "${NOMAD_NAMESPACE}" node = "${node.unique.name}" region = "${NOMAD_REGION}" } } restart { interval = "5m" attempts = 30 delay = "10s" mode = "delay" } volume "host_root" { source = "host_root" type = "host" } volume "host_run_udev" { source = "host_run_udev" type = "host" read_only = true } task "iscsi-node" { driver = "docker" config { image = "danielberteaud/democratic-csi:1.9.0-1" args = [ "--csi-version=1.5.0", # must match the csi_plugin.id attribute below "--csi-name=org.democratic-csi.iscsi", "--driver-config-file=/secrets/config.yml", "--log-level=info", "--csi-mode=node", "--server-socket=/csi/csi.sock", ] # node plugins must run as privileged jobs because they # mount disks to the host userns_mode = "host" privileged = true ipc_mode = "host" network_mode = "host" } env { CSI_NODE_ID = "${attr.unique.hostname}" } # Use a template block instead of env {} so we can fetch values from vault template { data = <<_EOT LANG=fr_FR.utf8 TZ=Europe/Paris _EOT destination = "secrets/.env" perms = 400 env = true } template { data = <<_EOF --- driver: freenas-api-iscsi instance_id: _EOF destination = "secrets/config.yml" } csi_plugin { # must match --csi-name arg id = "org.democratic-csi.iscsi" type = "node" mount_dir = "/csi" } volume_mount { volume = "host_root" destination = "/host" propagation_mode = "bidirectional" } volume_mount { volume = "host_run_udev" destination = "/run/udev" } resources { cpu = 100 memory = 128 memory_max = 192 } } } group "nfs-node" { constraint { operator = "distinct_hosts" value = "true" } service { name = "democratic-csi-nfs-node" meta { alloc = "${node.unique.name}" datacenter = "${NOMAD_DC}" group = "${NOMAD_GROUP_NAME}" job = "${NOMAD_JOB_NAME}" namespace = "${NOMAD_NAMESPACE}" node = "${node.unique.name}" region = "${NOMAD_REGION}" } } restart { interval = "5m" attempts = 30 delay = "10s" mode = "delay" } task "nfs-node" { driver = "docker" config { image = "danielberteaud/democratic-csi:1.9.0-1" args = [ "--csi-version=1.5.0", # must match the csi_plugin.id attribute below "--csi-name=org.democratic-csi.nfs", "--driver-config-file=/secrets/config.yml", "--log-level=info", "--csi-mode=node", "--server-socket=/csi/csi.sock", ] # node plugins must run as privileged jobs because they # mount disks to the host userns_mode = "host" privileged = true ipc_mode = "host" network_mode = "host" } env { CSI_NODE_ID = "${attr.unique.hostname}" } # Use a template block instead of env {} so we can fetch values from vault template { data = <<_EOT LANG=fr_FR.utf8 TZ=Europe/Paris _EOT destination = "secrets/.env" perms = 400 env = true } template { data = <<_EOF --- driver: freenas-api-nfs instance_id: _EOF destination = "secrets/config.yml" } csi_plugin { # must match --csi-name arg id = "org.democratic-csi.nfs" type = "node" mount_dir = "/csi" } resources { cpu = 100 memory = 128 memory_max = 192 } } } } # vim: syntax=hcl